IE/Firefox redirect virus


First sign of infection was the redirection when I tried to use links returned from search engines (Google and Yahoo). Also, sometimes it just sat there and never got to a site, or the site had a blank screen. Upon system shutdown, 2 rundll32 processes always had to be killed. A new tmp file continually appeared on the desktop.

Downloaded Avast as new virus software and removed Win32:KillApp-W [PUP] and Win32:Downloader-KNB [Trj].

Downloaded a new version of MBAM and removed Trojan.BHO (fsharproj), Trojan.SHarpro, Trojan.SHarpro.Gen, Trojan.SHarpro.PGen, PUM.Hijack.StartMenu (files, registry keys, and values).

Now Avast and MBAM both find nothing, but the redirect problem continues.

Below are my latest MBAM scan and dds.txt.

Attached is my zip file with attach.txt and ark.txt.

Appreciate any help you can give me! Thanks.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7836

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/30/2011 10:01:07 PM

mbam-log-2011-09-30 (22-01-07).txt

Scan type: Quick scan

Objects scanned: 199518

Time elapsed: 7 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Run by Administrator at 23:21:59 on 2011-09-30

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1084 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\SMINST\Scheduler.exe

C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\PDF Complete\pdfsty.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\PDF Complete\pdfsvc.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Program Files\Western Digital\WD SmartWare\WDFME.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdhost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=laptop

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=laptop

uInternet Settings,ProxyOverride = *.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [cdloader] "c:\documents and settings\administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [scheduler] c:\windows\sminst\Scheduler.exe

mRun: [Recguard] c:\windows\sminst\Recguard.exe

mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"

mRun: [MsmqIntCert] regsvr32 /s mqrt.dll

mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{0cd3bb5c-bbca-11d2-8c20-00c04fbbcff9}\A94AAB13.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdquic~1.lnk - c:\program files\western digital\wd smartware\WDDMStatus.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: amazon.com\www

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB

DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://l.yimg.com/jh/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab

DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://webgames.d.tmsrv.com/c=6604d679b8890ad714d340ac4dc2660e/aff=t_20wt_wg/p/release/gamehouse/wg_adventureball/adventureball/abxgh.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/realarcade-webgames/zylom/zylomplayer.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.gamehouse.com/realarcade-webgames/bejeweled2/popcaploader.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{6420B83B-6321-4EFC-B945-2E5B745AA661} : DhcpNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Notify: DeviceNP - DeviceNP.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\p1ov4ola.default\

FF - component: c:\program files\ca\ca internet security suite\rrr anti-phishing\toolbar\firefox\components\CAFxToolBar.dll

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\3.0.40818.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-28 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-28 320856]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-28 20568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-28 44768]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-2-14 540448]

R2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);c:\program files\microsoft sql server\msrs10_50.sqlexpress\reporting services\reportserver\bin\ReportingServicesService.exe [2010-4-3 1177952]

R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\WDDMService.exe [2011-6-29 263056]

R2 WDFMEService;WDFMEService;c:\program files\western digital\wd smartware\WDFME.exe [2011-6-29 1592208]

R2 WDRulesService;WDRulesService;c:\program files\western digital\wd smartware\WDRulesEngine.exe [2011-6-29 1091984]

R3 MSSQLFDLauncher$SQLEXPRESS;SQL Full-text Filter Daemon Launcher (SQLEXPRESS);c:\program files\microsoft sql server\mssql10_50.sqlexpress\mssql\binn\fdlauncher.exe [2010-4-3 28512]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-29 136176]

S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2008-2-14 30008]

S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-6-8 172131]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-29 136176]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-7-18 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]

S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10_50.sqlexpress\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]

.

=============== Created Last 30 ================

.

2011-09-30 04:29:52 -------- d-sh--w- c:\documents and settings\administrator\IECompatCache

2011-09-30 01:09:10 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2011-09-30 01:08:59 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-09-29 21:16:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-29 21:16:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-29 12:37:14 -------- d-----w- c:\documents and settings\administrator\application data\Windows Search

2011-09-28 12:44:57 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-28 12:44:34 41184 ----a-w- c:\windows\avastSS.scr

2011-09-28 12:44:22 -------- d-----w- c:\program files\AVAST Software

2011-09-28 12:44:22 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2011-09-28 12:07:23 0 ---ha-w- c:\documents and settings\administrator\zgptxwehep.tmp

2011-09-14 20:29:36 -------- d-----w- c:\documents and settings\administrator\application data\Windows Desktop Search

2011-09-14 20:05:07 -------- d-----w- c:\program files\Windows Desktop Search

2011-09-14 20:04:08 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll

2011-09-14 20:04:07 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll

2011-09-14 20:04:07 192000 ------w- c:\windows\system32\dllcache\offfilt.dll

2011-09-03 10:17:37 599040 ------w- c:\windows\system32\dllcache\crypt32.dll

.

==================== Find3M ====================

.

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-08 14:38:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-07 16:07:59 459 ----a-w- c:\program files\0807201112075726.bat

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

.

============= FINISH: 23:25:51.76 ===============

ark.zip


  • Root Admin

Hello,

Please try to update MBAM and do another Quick Scan and post back that log.

Then go ahead and follow the directions below.

Please visit this webpage for instructions for running ComboFix:

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


OK, here is the MBAM output, newly created. Also did a new boot scan with Avast this afternoon; nothing found there either.

I will do the ComboFix later tonight or possibly tomorrow. Got to get some papers graded... :)

Thanks so much for your help, I can see you guys are very busy.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7870

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/4/2011 9:32:33 PM

mbam-log-2011-10-04 (21-32-33).txt

Scan type: Quick scan

Objects scanned: 197783

Time elapsed: 11 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Here is the log from ComboFix:

ComboFix 11-10-05.02 - Administrator 10/05/2011 19:10:51.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1290 [GMT -4:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p1ov4ola.default\extensions\{055f1633-2504-4fe1-a67c-01a203602bfe}

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p1ov4ola.default\extensions\{055f1633-2504-4fe1-a67c-01a203602bfe}\chrome.manifest

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p1ov4ola.default\extensions\{055f1633-2504-4fe1-a67c-01a203602bfe}\chrome\xulcache.jar

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p1ov4ola.default\extensions\{055f1633-2504-4fe1-a67c-01a203602bfe}\defaults\preferences\xulcache.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p1ov4ola.default\extensions\{055f1633-2504-4fe1-a67c-01a203602bfe}\install.rdf

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p1ov4ola.default\extensions\{5ebe6cd6-458e-4939-84ee-b8603a526f16}

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p1ov4ola.default\extensions\{5ebe6cd6-458e-4939-84ee-b8603a526f16}\chrome.manifest

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p1ov4ola.default\extensions\{5ebe6cd6-458e-4939-84ee-b8603a526f16}\chrome\xulcache.jar

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p1ov4ola.default\extensions\{5ebe6cd6-458e-4939-84ee-b8603a526f16}\defaults\preferences\xulcache.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p1ov4ola.default\extensions\{5ebe6cd6-458e-4939-84ee-b8603a526f16}\install.rdf

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p1ov4ola.default\extensions\{69a5b8ba-6e0e-4588-b2b0-138ba9e9c55e}

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p1ov4ola.default\extensions\{69a5b8ba-6e0e-4588-b2b0-138ba9e9c55e}\chrome.manifest

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p1ov4ola.default\extensions\{69a5b8ba-6e0e-4588-b2b0-138ba9e9c55e}\chrome\xulcache.jar

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p1ov4ola.default\extensions\{69a5b8ba-6e0e-4588-b2b0-138ba9e9c55e}\defaults\preferences\xulcache.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p1ov4ola.default\extensions\{69a5b8ba-6e0e-4588-b2b0-138ba9e9c55e}\install.rdf

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p1ov4ola.default\extensions\{cb5c21f2-b8a1-4755-b05b-0810c6de3818}

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p1ov4ola.default\extensions\{cb5c21f2-b8a1-4755-b05b-0810c6de3818}\chrome.manifest

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p1ov4ola.default\extensions\{cb5c21f2-b8a1-4755-b05b-0810c6de3818}\chrome\xulcache.jar

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p1ov4ola.default\extensions\{cb5c21f2-b8a1-4755-b05b-0810c6de3818}\defaults\preferences\xulcache.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p1ov4ola.default\extensions\{cb5c21f2-b8a1-4755-b05b-0810c6de3818}\install.rdf

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\Administrator\zgptxwehep.tmp

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55


c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\smoke.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\smoke2.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\smoke3.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\splash\playfirst_logo.jpg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\statues\statue0\snake_dirty.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\statues\statue1\arm01_dirty.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\statues\statue1\mask01_1.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\statues\statue1\statue01_dirty.jpg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\stopper.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\timer.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\timerglow.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\timericon.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\tm.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseblue1.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseblue2.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseblue3.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousegreen1.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousegreen2.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousegreen3.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousered1.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousered2.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousered3.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseyellow1.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseyellow2.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseyellow3.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\areabomb.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\areabombrollover.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\blue.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\bluerollover.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\boardfill.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\brick.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\brick1.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\brick2.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\brick3.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\bricktip.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared1.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared2.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared3.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared4.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared5.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared6.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\eye1.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\eye2.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\eye3.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\eye4.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\green.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\greenrollover.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-blue.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-bluerollover.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-green.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-greenrollover.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-red.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-redrollover.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-yellow.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-yellowrollover.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\red.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\redrollover.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\wild.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\wildrollover.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\yellow.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\yellowrollover.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\upsell\image0.jpg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\upsell\image1.jpg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\upsell\image2.jpg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\upsell\image3.jpg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\bluebucket.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\buckettriangle.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\chainlink.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\chaintip.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\genericbucket.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\greenbucket.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\redbucket.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\smallblue.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\smallgreen.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\smallred.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\smallyellow.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\urnglow.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\urnplatform.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\yellowbucket.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\warning.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\error.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\game.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\gameover.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\hiscore.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\hiscoreinfo.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\hiscoresubmit.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\instructions.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\leveldesign.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\levelover.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\mainarcade.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\mainconfirm.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\maincontinue.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\maingames.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\mainpuzzle.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\maphelptip.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\options.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\pause.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\quitconfirm.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\start.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\storyplayer.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\style.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\upsell.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\strings.xml

c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\TriJinx.exe

c:\windows\system32\comct332.ocx

c:\windows\system32\d3d9caps.dat

E:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-09-05 to 2011-10-05 )))))))))))))))))))))))))))))))

.

.

2011-09-30 04:29 . 2011-09-30 04:29 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache

2011-09-30 01:09 . 2011-09-30 01:09 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-09-30 01:08 . 2011-09-30 01:10 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-09-29 21:16 . 2011-09-29 21:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-29 21:16 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-29 12:37 . 2011-09-29 12:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search

2011-09-28 12:45 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-09-28 12:45 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-09-28 12:44 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-28 12:44 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-09-28 12:44 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-09-28 12:44 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-09-28 12:44 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-09-28 12:44 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-09-28 12:44 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr

2011-09-28 12:44 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-09-28 12:44 . 2011-09-28 12:44 -------- d-----w- c:\program files\AVAST Software

2011-09-28 12:44 . 2011-09-28 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-09-17 19:58 . 2011-09-17 19:59 -------- d-----w- c:\program files\7-Zip

2011-09-14 20:29 . 2011-09-14 20:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search

2011-09-14 20:05 . 2011-09-15 21:25 -------- d-----w- c:\program files\Windows Desktop Search

2011-09-14 20:04 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll

2011-09-14 20:04 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll

2011-09-14 20:04 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 09:12 . 2004-08-04 08:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-08 14:38 . 2011-05-14 17:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-29 01:20 . 2011-08-29 00:52 2377696 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2011-08-29 00:52 . 2010-11-15 16:13 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll

2011-08-07 16:07 . 2011-08-07 16:07 459 ----a-w- c:\program files\0807201112075726.bat

2011-07-15 13:29 . 2004-08-04 08:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2004-08-04 08:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-10-04 13:53 . 2011-03-25 17:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdloader"="c:\documents and settings\Administrator\Application Data\mjusbsp\cdloader2.exe" [2010-10-08 50592]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 827392]

"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-21 1187840]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-07 177456]

"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 137752]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]

"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]

"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-09-20 61440]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Microsoft Works Calendar Reminders.lnk - c:\windows\Installer\{0CD3BB5C-BBCA-11D2-8C20-00C04FBBCFF9}\A94AAB13.exe [2009-2-25 30720]

WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-6-29 3983760]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]

2007-06-08 17:04 49152 ----a-r- c:\windows\system32\DeviceNP.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk

backup=c:\windows\pss\DVD Check.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2007-09-24 12:27 166424 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

2007-08-22 20:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2007-09-24 12:27 141848 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

2004-08-04 13:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2006-09-11 12:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2007-04-19 21:26 484904 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

2004-08-04 13:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2004-08-04 13:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2004-08-04 13:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

2006-07-13 16:12 729088 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2007-01-05 17:36 872448 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-06-10 09:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]

2007-05-23 15:00 192512 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Documents and Settings\\Administrator\\Application Data\\mjusbsp\\magicJack.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/28/2011 8:44 AM 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/28/2011 8:45 AM 320856]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/28/2011 8:45 AM 20568]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2/14/2008 5:58 AM 540448]

R2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [4/3/2010 12:56 PM 1177952]

R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [6/29/2011 8:01 AM 263056]

R2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [6/29/2011 8:01 AM 1592208]

R2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [6/29/2011 8:01 AM 1091984]

R3 MSSQLFDLauncher$SQLEXPRESS;SQL Full-text Filter Daemon Launcher (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [4/3/2010 12:56 PM 28512]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/29/2010 10:29 AM 136176]

S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2/14/2008 6:19 AM 30008]

S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [6/8/2007 1:06 PM 172131]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/29/2010 10:29 AM 136176]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [7/18/2011 7:55 PM 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [4/3/2010 12:56 PM 44896]

S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [4/3/2010 12:02 PM 240608]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [4/3/2010 12:56 PM 367456]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HPService REG_MULTI_SZ HPSLPSVC

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-04-19 21:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2011-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 14:28]

.

2011-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 14:28]

.

2010-05-06 c:\windows\Tasks\Install.job

- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-05-06 00:17]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=laptop

uInternet Settings,ProxyOverride = *.local

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: amazon.com\www

TCP: DhcpNameServer = 192.168.0.1

DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://l.yimg.com/jh/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab

DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://webgames.d.tmsrv.com/c=6604d679b8890ad714d340ac4dc2660e/aff=t_20wt_wg/p/release/gamehouse/wg_adventureball/adventureball/abxgh.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/realarcade-webgames/zylom/zylomplayer.cab

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p1ov4ola.default\

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Scrubbles_is1 - c:\program files\Oberon Media\Scrubbles\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-05 19:26

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????H??????????????|?M?|?????M?|??@

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3549601710-1649461426-307929683-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a1,44,88,a5,92,b9,e4,47,b7,0c,29,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a1,44,88,a5,92,b9,e4,47,b7,0c,29,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(980)

c:\windows\system32\DeviceNP.dll

c:\windows\system32\igfxdev.dll

.

Completion time: 2011-10-05 19:32:42

ComboFix-quarantined-files.txt 2011-10-05 23:32

.

Pre-Run: 170,138,562,560 bytes free

Post-Run: 173,669,961,728 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 2F38F9BE575951DE3A819D8E067F4D77


  • Root Admin

STEP 01

Please visit this site and restore Firefox back to the factory default settings.

Restore Firefox Default Settings Without Uninstalling It

STEP 02

Start Internet Explorer and go to Tools/Internet Options/Advanced and click on the Reset button, then quit IE.

STEP 03

Please download and run the following tool unhide.exe

STEP 04

Click on START - RUN and type in MSCONFIG and click OK

Set it to NORMAL and immediately reboot the computer.

STEP 05

Please do a factory reset on your router. This can typically be done by inserting a small pin or paper clip into the small hole in the back for 5 to 10 seconds.

Make sure you set a good password on it as well.

STEP 06

Run Combofix once again and post back the new log and let me know if the redirect issue is still happening or not.

STEP 07

Run DDS again and post back both logs - I want the attach one as well.

Thanks


Good news so far: I have not been able to get the redirection to happen again after doing all the resets.

Ran ComboFix and DDS; logs follow and one is attached.

ComboFix 11-10-07.04 - Administrator 10/07/2011 21:40:19.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1301 [GMT -4:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((( Files Created from 2011-09-08 to 2011-10-08 )))))))))))))))))))))))))))))))

.

.

2011-10-07 19:55 . 2011-10-07 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe

2011-09-30 04:29 . 2011-09-30 04:29 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache

2011-09-30 01:09 . 2011-09-30 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files

2011-09-30 01:08 . 2011-09-30 01:10 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-09-29 21:16 . 2011-09-29 21:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-29 21:16 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-29 12:37 . 2011-09-29 12:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search

2011-09-28 12:45 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-09-28 12:45 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-09-28 12:44 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-28 12:44 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-09-28 12:44 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-09-28 12:44 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-09-28 12:44 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-09-28 12:44 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-09-28 12:44 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr

2011-09-28 12:44 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-09-28 12:44 . 2011-09-28 12:44 -------- d-----w- c:\program files\AVAST Software

2011-09-28 12:44 . 2011-09-28 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-09-17 19:58 . 2011-09-17 19:59 -------- d-----w- c:\program files\7-Zip

2011-09-14 20:29 . 2011-09-14 20:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search

2011-09-14 20:05 . 2011-09-15 21:25 -------- d-----w- c:\program files\Windows Desktop Search

2011-09-14 20:04 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll

2011-09-14 20:04 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll

2011-09-14 20:04 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-07 20:02 . 2011-05-14 17:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-09 09:12 . 2004-08-04 08:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-29 01:20 . 2011-08-29 00:52 2377696 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2011-08-29 00:52 . 2010-11-15 16:13 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll

2011-08-07 16:07 . 2011-08-07 16:07 459 ----a-w- c:\program files\0807201112075726.bat

2011-07-15 13:29 . 2004-08-04 08:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-10-04 13:53 . 2011-03-25 17:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-05_23.27.25 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-10-07 20:02 . 2011-10-07 20:02 247968 c:\windows\system32\Macromed\Flash\FlashUtil11c_Plugin.exe

+ 2010-01-27 01:07 . 2011-10-07 20:02 8522400 c:\windows\system32\Macromed\Flash\NPSWF32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdloader"="c:\documents and settings\Administrator\Application Data\mjusbsp\cdloader2.exe" [2010-10-08 50592]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 827392]

"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-21 1187840]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-07 177456]

"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 137752]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]

"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]

"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-09-20 61440]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]

"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 141848]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 166424]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]

DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-8-24 192512]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Microsoft Works Calendar Reminders.lnk - c:\windows\Installer\{0CD3BB5C-BBCA-11D2-8C20-00C04FBBCFF9}\A94AAB13.exe [2009-2-25 30720]

WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-6-29 3983760]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]

2007-06-08 17:04 49152 ----a-r- c:\windows\system32\DeviceNP.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Documents and Settings\\Administrator\\Application Data\\mjusbsp\\magicJack.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/28/2011 8:44 AM 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/28/2011 8:45 AM 320856]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/28/2011 8:45 AM 20568]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2/14/2008 5:58 AM 540448]

R2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [4/3/2010 12:56 PM 1177952]

R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [6/29/2011 8:01 AM 263056]

R2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [6/29/2011 8:01 AM 1592208]

R2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [6/29/2011 8:01 AM 1091984]

R3 MSSQLFDLauncher$SQLEXPRESS;SQL Full-text Filter Daemon Launcher (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [4/3/2010 12:56 PM 28512]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/29/2010 10:29 AM 136176]

S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2/14/2008 6:19 AM 30008]

S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [6/8/2007 1:06 PM 172131]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/29/2010 10:29 AM 136176]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [7/18/2011 7:55 PM 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [4/3/2010 12:56 PM 44896]

S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [4/3/2010 12:02 PM 240608]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [4/3/2010 12:56 PM 367456]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - PROCEXP141

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HPService REG_MULTI_SZ HPSLPSVC

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-04-19 21:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 14:28]

.

2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 14:28]

.

2010-05-06 c:\windows\Tasks\Install.job

- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-05-06 00:17]

.

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=laptop

uInternet Settings,ProxyOverride = *.local

Trusted Zone: amazon.com\www

TCP: DhcpNameServer = 192.168.0.1

DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://l.yimg.com/jh/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab

DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://webgames.d.tmsrv.com/c=6604d679b8890ad714d340ac4dc2660e/aff=t_20wt_wg/p/release/gamehouse/wg_adventureball/adventureball/abxgh.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/realarcade-webgames/zylom/zylomplayer.cab

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p1ov4ola.default\

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-07 21:52

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????H??????????????|?M?|?????M?|??@

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3549601710-1649461426-307929683-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,31,bf,c8,66,fb,10,48,9b,e2,68,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a1,44,88,a5,92,b9,e4,47,b7,0c,29,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,31,bf,c8,66,fb,10,48,9b,e2,68,\

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,31,bf,c8,66,fb,10,48,9b,e2,68,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,31,bf,c8,66,fb,10,48,9b,e2,68,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(976)

c:\windows\system32\DeviceNP.dll

.

- - - - - - - > 'explorer.exe'(2388)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\btmmhook.dll

c:\progra~1\WINDOW~1\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-10-07 21:57:31

ComboFix-quarantined-files.txt 2011-10-08 01:57

ComboFix2.txt 2011-10-05 23:32

.

Pre-Run: 173,401,526,272 bytes free

Post-Run: 173,423,038,464 bytes free

.

- - End Of File - - 1D9BFBB3FBA8A3A340BB9630CE65353C

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Run by Administrator at 22:09:24 on 2011-10-07

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1192 [GMT -4:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\SMINST\Scheduler.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\PDF Complete\pdfsty.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\PDF Complete\pdfsvc.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Program Files\Western Digital\WD SmartWare\WDFME.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdhost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

.

============== Pseudo HJT Report ===============

.

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=laptop

uInternet Settings,ProxyOverride = *.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File

uRun: [cdloader] "c:\documents and settings\administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [scheduler] c:\windows\sminst\Scheduler.exe

mRun: [Recguard] c:\windows\sminst\Recguard.exe

mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"

mRun: [MsmqIntCert] regsvr32 /s mqrt.dll

mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{0cd3bb5c-bbca-11d2-8c20-00c04fbbcff9}\A94AAB13.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdquic~1.lnk - c:\program files\western digital\wd smartware\WDDMStatus.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: amazon.com\www

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB

DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://l.yimg.com/jh/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab

DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://webgames.d.tmsrv.com/c=6604d679b8890ad714d340ac4dc2660e/aff=t_20wt_wg/p/release/gamehouse/wg_adventureball/adventureball/abxgh.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/realarcade-webgames/zylom/zylomplayer.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.gamehouse.com/realarcade-webgames/bejeweled2/popcaploader.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{6420B83B-6321-4EFC-B945-2E5B745AA661} : DhcpNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Notify: DeviceNP - DeviceNP.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\p1ov4ola.default\

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\3.0.40818.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-28 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-28 320856]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-28 20568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-28 44768]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-2-14 540448]

R2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);c:\program files\microsoft sql server\msrs10_50.sqlexpress\reporting services\reportserver\bin\ReportingServicesService.exe [2010-4-3 1177952]

R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\WDDMService.exe [2011-6-29 263056]

R2 WDFMEService;WDFMEService;c:\program files\western digital\wd smartware\WDFME.exe [2011-6-29 1592208]

R2 WDRulesService;WDRulesService;c:\program files\western digital\wd smartware\WDRulesEngine.exe [2011-6-29 1091984]

R3 MSSQLFDLauncher$SQLEXPRESS;SQL Full-text Filter Daemon Launcher (SQLEXPRESS);c:\program files\microsoft sql server\mssql10_50.sqlexpress\mssql\binn\fdlauncher.exe [2010-4-3 28512]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-29 136176]

S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2008-2-14 30008]

S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-6-8 172131]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-29 136176]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-7-18 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]

S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10_50.sqlexpress\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]

.

=============== Created Last 30 ================

.

2011-10-08 01:38:27 -------- d-----w- C:\ComboFix

2011-10-07 19:55:02 -------- d-----w- c:\documents and settings\all users\application data\LightScribe

2011-10-05 23:06:41 -------- d-sha-r- C:\cmdcons

2011-10-05 23:04:23 98816 ----a-w- c:\windows\sed.exe

2011-10-05 23:04:23 518144 ----a-w- c:\windows\SWREG.exe

2011-10-05 23:04:23 256000 ----a-w- c:\windows\PEV.exe

2011-10-05 23:04:23 208896 ----a-w- c:\windows\MBR.exe

2011-09-30 04:29:52 -------- d-sh--w- c:\documents and settings\administrator\IECompatCache

2011-09-30 01:09:10 -------- d-----w- c:\documents and settings\all users\application data\Common Files

2011-09-30 01:08:59 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-09-29 21:16:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-29 21:16:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-29 12:37:14 -------- d-----w- c:\documents and settings\administrator\application data\Windows Search

2011-09-28 12:44:57 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-28 12:44:34 41184 ----a-w- c:\windows\avastSS.scr

2011-09-28 12:44:22 -------- d-----w- c:\program files\AVAST Software

2011-09-28 12:44:22 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2011-09-14 20:29:36 -------- d-----w- c:\documents and settings\administrator\application data\Windows Desktop Search

2011-09-14 20:05:07 -------- d-----w- c:\program files\Windows Desktop Search

2011-09-14 20:04:08 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll

2011-09-14 20:04:07 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll

2011-09-14 20:04:07 192000 ------w- c:\windows\system32\dllcache\offfilt.dll

.

==================== Find3M ====================

.

2011-10-07 20:02:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-07 16:07:59 459 ----a-w- c:\program files\0807201112075726.bat

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

============= FINISH: 22:16:01.14 ===============

attach2.zip


  • Root Admin

STEP 01

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines


RegLock::
[HKEY_USERS\S-1-5-21-3549601710-1649461426-307929683-500\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

CFScript.gif

  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
    When the scan completes, Notepad will open with your results log. Do a File, Exit.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

STEP 02

Please visit this Microsoft site and download and run the Fixit utility in the middle of the page.

How to reset Internet Protocol (TCP/IP)

STEP 03

Go ahead now and uninstall Combofix.

Click on START - RUN and type in COMBOFIX   /Uninstall

STEP 04

Uninstall ALL versions of Java from Control Panel/Add Remove and restart your computer.

STEP 05

Make sure both Avast AV and MBAM are up and running and updated, and let me know if there are any other issues before we get ready to close your post.


When I started ComboFix with the CFscript it said there was a newer version of ComboFix available and I said yes. So then when it restarted ComboFix after getting the new version I wasn't sure if it knew to restart using the CFscript? Anyway I kept saying yes and here is the output. Please let me know if I need to start the last set of directions again with creating the script, and I will wait before doing any of the other steps.

thanks

ComboFix 11-10-08.01 - Administrator 10/08/2011 12:20:09.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1201 [GMT -4:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Administrator\Desktop\CFscript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((( Files Created from 2011-09-08 to 2011-10-08 )))))))))))))))))))))))))))))))

.

.

2011-10-07 19:55 . 2011-10-07 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe

2011-09-30 04:29 . 2011-09-30 04:29 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache

2011-09-30 01:09 . 2011-09-30 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files

2011-09-30 01:08 . 2011-09-30 01:10 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-09-29 21:16 . 2011-09-29 21:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-29 21:16 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-29 12:37 . 2011-09-29 12:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search

2011-09-28 12:45 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-09-28 12:45 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-09-28 12:44 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-28 12:44 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-09-28 12:44 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-09-28 12:44 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-09-28 12:44 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-09-28 12:44 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-09-28 12:44 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr

2011-09-28 12:44 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-09-28 12:44 . 2011-09-28 12:44 -------- d-----w- c:\program files\AVAST Software

2011-09-28 12:44 . 2011-09-28 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-09-17 19:58 . 2011-09-17 19:59 -------- d-----w- c:\program files\7-Zip

2011-09-14 20:29 . 2011-09-14 20:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search

2011-09-14 20:05 . 2011-09-15 21:25 -------- d-----w- c:\program files\Windows Desktop Search

2011-09-14 20:04 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll

2011-09-14 20:04 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll

2011-09-14 20:04 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-07 20:02 . 2011-05-14 17:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-09 09:12 . 2004-08-04 08:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-29 01:20 . 2011-08-29 00:52 2377696 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2011-08-29 00:52 . 2010-11-15 16:13 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll

2011-08-07 16:07 . 2011-08-07 16:07 459 ----a-w- c:\program files\0807201112075726.bat

2011-07-15 13:29 . 2004-08-04 08:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-10-04 13:53 . 2011-03-25 17:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-05_23.27.25 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-10-07 20:02 . 2011-10-07 20:02 247968 c:\windows\system32\Macromed\Flash\FlashUtil11c_Plugin.exe

+ 2010-01-27 01:07 . 2011-10-07 20:02 8522400 c:\windows\system32\Macromed\Flash\NPSWF32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdloader"="c:\documents and settings\Administrator\Application Data\mjusbsp\cdloader2.exe" [2010-10-08 50592]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 827392]

"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-21 1187840]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-07 177456]

"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 137752]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]

"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]

"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-09-20 61440]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]

"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 141848]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 166424]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]

DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-8-24 192512]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Microsoft Works Calendar Reminders.lnk - c:\windows\Installer\{0CD3BB5C-BBCA-11D2-8C20-00C04FBBCFF9}\A94AAB13.exe [2009-2-25 30720]

WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-6-29 3983760]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]

2007-06-08 17:04 49152 ----a-r- c:\windows\system32\DeviceNP.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Documents and Settings\\Administrator\\Application Data\\mjusbsp\\magicJack.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/28/2011 8:44 AM 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/28/2011 8:45 AM 320856]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/28/2011 8:45 AM 20568]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2/14/2008 5:58 AM 540448]

R2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [4/3/2010 12:56 PM 1177952]

R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [6/29/2011 8:01 AM 263056]

R2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [6/29/2011 8:01 AM 1592208]

R2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [6/29/2011 8:01 AM 1091984]

R3 MSSQLFDLauncher$SQLEXPRESS;SQL Full-text Filter Daemon Launcher (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [4/3/2010 12:56 PM 28512]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/29/2010 10:29 AM 136176]

S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2/14/2008 6:19 AM 30008]

S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [6/8/2007 1:06 PM 172131]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/29/2010 10:29 AM 136176]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [7/18/2011 7:55 PM 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [4/3/2010 12:56 PM 44896]

S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [4/3/2010 12:02 PM 240608]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [4/3/2010 12:56 PM 367456]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HPService REG_MULTI_SZ HPSLPSVC

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-04-19 21:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 14:28]

.

2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 14:28]

.

2010-05-06 c:\windows\Tasks\Install.job

- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-05-06 00:17]

.

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=laptop

uInternet Settings,ProxyOverride = *.local

Trusted Zone: amazon.com\www

TCP: DhcpNameServer = 192.168.0.1

DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://l.yimg.com/jh/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab

DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://webgames.d.tmsrv.com/c=6604d679b8890ad714d340ac4dc2660e/aff=t_20wt_wg/p/release/gamehouse/wg_adventureball/adventureball/abxgh.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/realarcade-webgames/zylom/zylomplayer.cab

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p1ov4ola.default\

FF - user.js: yahoo.homepage.dontask - true

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-08 12:31

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????H??????????????|?M?|?????M?|??@

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(976)

c:\windows\system32\DeviceNP.dll

.

- - - - - - - > 'explorer.exe'(3164)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\btmmhook.dll

c:\progra~1\WINDOW~1\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-10-08 12:36:42

ComboFix-quarantined-files.txt 2011-10-08 16:36

ComboFix2.txt 2011-10-08 01:57

ComboFix3.txt 2011-10-05 23:32

.

Pre-Run: 173,221,621,760 bytes free

Post-Run: 173,215,850,496 bytes free

.

- - End Of File - - 9597A2F4B5571BB489704FE856D510BE


Did all remaining steps, all signs are gone!

I am having trouble with my internet connection going away randomly since I reset the router, however this appears to be a different (non-malware-related) problem, so am researching that separately.

So I think you and I are probably done.

You guys are doing great work, I talk about your site to everyone. Also I teach Intro to Computers at a community college and unfortunately I have been the big example to my classes as to "what not to click on". ;) But hey maybe they'll realize it's not just something in their book.

Anyway, your help has been invaluable. Thank you so much for all your time.


  • Root Admin

Great, glad all is working okay now.

Please review the following link and go ahead and remove any other tools left over that may have been used during the scanning and cleaning process.

So how did I get infected in the first place?

Take care and stay safe out there.


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
